by CaliforniaKarl 1486 days ago
> 4) Revoke certificates for old compromised versions of an installer so that downgrade attacks are not possible.

I suggest the following alternative: When your own software is triggering the upgrade process, don't allow triggering an upgrade to an older version of the software.

In other words: If a user wants to downgrade, they will have to do the work of running the installer for the older version (and possibly uninstalling the newer version first).

This modified behavior addresses the problem mentioned in the article (a newer version of software running the installer for an older version), but still gives users the power to install an older version if they want.

1 comments

Not entirely clear to me that would be a sufficient mitigation in this case: the endpoint could claim Zoom version 999 is served and serve the old exe and cab, which would then be run, possibly before other checks can even be done.
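The concern in the reply above, as an added example that is not part of the thread or of any vendor's updater: a downgrade check that compares against the version the endpoint announces passes an old package, while a check that reads the version from vendor-signed metadata bound to the payload rejects it before anything is run. The HMAC key stands in for a real asymmetric code signature, and all version numbers, function names and package bytes are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: stand-in for the vendor's signing key. A real updater verifies an
# asymmetric code signature; HMAC keeps this example stdlib-only.
VENDOR_KEY = b"constructed-demo-key"

def parse_version(text):
    """'5.11.3' -> (5, 11, 3) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))

def sign_package(version, payload):
    """Vendor side: bind the version to the payload bytes under one signature."""
    manifest = json.dumps({"version": version,
                           "sha256": hashlib.sha256(payload).hexdigest()},
                          sort_keys=True).encode()
    sig = hmac.new(VENDOR_KEY, manifest, hashlib.sha256).hexdigest()
    return {"manifest": manifest, "sig": sig, "payload": payload}

def naive_should_install(installed, claimed_version, package):
    """Trusts the version the endpoint announces; the package is never consulted."""
    return parse_version(claimed_version) > parse_version(installed)

def hardened_should_install(installed, claimed_version, package):
    """Ignores the endpoint's claim; decides before anything in the package runs."""
    expected = hmac.new(VENDOR_KEY, package["manifest"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, package["sig"]):
        return False  # manifest was not signed by the vendor
    manifest = json.loads(package["manifest"])
    if hashlib.sha256(package["payload"]).hexdigest() != manifest["sha256"]:
        return False  # payload swapped underneath a valid manifest
    return parse_version(manifest["version"]) > parse_version(installed)

# Constructed scenario: 5.12.0 is installed; the endpoint announces 999.0.0
# but serves the genuinely signed (and older) 5.9.0 package.
INSTALLED = "5.12.0"
old_pkg = sign_package("5.9.0", b"old installer bytes")
new_pkg = sign_package("5.12.1", b"new installer bytes")

if __name__ == "__main__":
    print("naive   :", naive_should_install(INSTALLED, "999.0.0", old_pkg))
    print("hardened:", hardened_should_install(INSTALLED, "999.0.0", old_pkg))
    print("upgrade :", hardened_should_install(INSTALLED, "5.12.1", new_pkg))
```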